From be82d596a63f4404e6e4deb9aa3c1f69e344ee46 Mon Sep 17 00:00:00 2001
From: Étienne Loks
Date: Thu, 27 Nov 2025 12:59:40 +0100
Subject: 🔒️ fix security issue for jQuery CVE-2015-9251
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

https://github.com/jquery/jquery/commit/f60729f3903d17917dc351f3ac87794de379b0cc
---
 ishtar_common/static/js/ishtar.js | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/ishtar_common/static/js/ishtar.js b/ishtar_common/static/js/ishtar.js
index 634657636..d2d6025d6 100644
--- a/ishtar_common/static/js/ishtar.js
+++ b/ishtar_common/static/js/ishtar.js
@@ -23,10 +23,18 @@ beforeSend: function(xhr, settings) {
 }
 }});
+/* CVE-2020-11022 */
 jQuery.htmlPrefilter = function(html) {
 return html;
 };
+/* CVE-2015-9251 */
+jQuery.ajaxPrefilter(function(s) {
+ if ( s.crossDomain ) {
+ s.contents.script = false;
+ }
+});
+
 if (typeof String.prototype.endsWith !== 'function') {
 String.prototype.endsWith = function(suffix) {
 return this.indexOf(suffix, this.length - suffix.length) !== -1;
-- 
cgit v1.2.3
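Review bot: The new `jQuery.ajaxPrefilter` block is documented only by a CVE number, so a later reader cannot tell what it changes or when it can be removed; I would expand the comment to `/* CVE-2015-9251: never auto-evaluate a cross-domain response as script unless the caller asked for dataType "script"; backport of the jQuery 3.0.0 fix, drop once the bundled jQuery is >= 3.0.0 */`. The shim only covers requests issued after ishtar.js has run, so a page that loads the bundled jQuery without this file, or fires an AJAX call from an earlier script, presumably stays exposed; the hunk does not show the load order, so that is worth confirming. Any cross-domain call that relied on the implicit evaluation now receives the body as text and needs an explicit `dataType: 'script'`, which would be worth a line in the commit message.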